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DETAILED ACTION 
Claim Rejections - 35 USC §103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-43 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al 
(U.S. 6,178,51 1) in view of Prasanta Behera (U.S. 6,535,879). 

♦ As per claim 1, 22, 43, 

Cohen discloses a method for managing user schemas in a distributed computing system, 
comprising: 

- " Creating a first global user identification for a first user" See Fig. 10, col. 8, lines 41 - 
46, 63 - 67. The first global user identification corresponds to user A' identification. 

- This is the global identification because the information about the user (Personal Key 
manager) is stored in a global database (col. 4, lines 61 - 64, col. 5, hnes 16 - 21) 

- " Creating a second global user identification for a second user" See Fig. 10, col. 8, lines 
41 - 46, 63 - 67. The second global user identification corresponds to user B or X' 
identification. 

- " Creating a local user schema at a network node" the local user schema corresponds to 
the information that stored in a second database, called Configuration Information 
Manager (CIM) (See col. 5, lines 22 - 27). The content of CIM is described in col. 5, 
lines 59 - col. 6, lines 7. 
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- " Mapping the first global user identification to the local user schema" See Fig. 7-8, col. 
7, lines 11-17. 

- " Mapping the second global user identification to the local user schema" See Fig. 7-8, 
col. 7, lines 11 -17. 

- "When the first user logs into the network node, assigning the local user schema to the 
first user with a first user role; when the second user logs into the network node, 
assigning the local user schema to the second user with a second user role" 

Cohen does not clearly disclose that assigning the local user schema to the user with user 
role. Cohen teaches that the CIM includes the application type, and specific information that can 
be used to allow that user to access the information, Cohen also teaches that the PKM is mapped 
to a set of remote procedure calls on each client machine. Those remote procedure calls have 
different protecfion levels and different properties (col. 9, lines 24 - 28, Cohen). 

However, Behera, on the other hand, discloses a method for access control via properties 
system that stored the access schema/role associated with an Access control List (See col. 4, 
lines 45 - 46). 

It would have been obvious to one with ordinary skill in the art at the time the invention was 
made to modify the CIM data of Cohen to include the access schema as described in Behera 
invention because the teaching would provide more security in protecting the data using different 
roles for different users. 

- " Wherein the first user and the second user have different privileges on the network 
node" see col. 3, lines 38-45, Behera. 

♦ As per claim 2, 23, the combination of Cohen and Behera disclose: 
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- " The method of claim 1 in which the first and second global user identifications are 
stored in a directory" col. 11, lines 54 - 56, Cohen. 

♦ As per claim 3, 24, the combination of Cohen and Behera disclose: 

- " The method of claim 2 in which the directory comprises a LDAP directory" See col. 3, 
lines 9 - 30, Behera. 

♦ As per claim 4, 25, the combination of Cohen and Behera disclose: 

- " The method of claim 1 in which the network node is a database server" See Fig. 1, col. 
3, lines 60 67, Cohen. 

♦ As per claim 5, 26, the combination of Cohen and Behera disclose: 

- " The method of claim 1 in which a data object maps the first global user identification to 
the local user schema" See Fig. 7 - 8, col. 7, lines 11-17, col. 9, lines 24 - 28, Cohen. 

♦ As per claim 6 - 7, 27 - 28, the combination of Cohen and Behera disclose: 

- " The method of claim 5 in which the data object specifically maps only the first global 
user identification to the local user schema" Because this process is applied for a single 
user, therefore, the data object specifically maps only the first global user identification to 
the local user schema. 

♦ As per claim 8 - 9, 29 - 30, the combination of Cohen and Behera disclose: 

- " The method of claim 5 in which the data object potentially maps multiple users to the 
local user schema", "The method of claim 8 in which the data object maps based upon a 
partial identification of the users" See col. 4, lines 40 - 44, Behera. 

♦ As per claim 10 - 1 1, 3 1 - 32, the combination of Cohen and Behera disclose: 
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- " The method of claim 5 in which the data object maps based upon a specific computer 
node", "The method of claim 10 in which the data object resides in a directory beneath an 
associated server object" See col. 6, lines 38 - 42, Cohen. 

♦ As per claim 12 - 13, 33 - 34, the combination of Cohen and Behera disclose: 

- " The method of claim 5 in which the data object maps based upon a domain", "The 
method of claim 12 in which the data object resides beneath a domain object" See col. 4, 
lines 52 - 53, 64 - col 5, lines 2, Cohen. 

♦ As per claim 14, 35, the combination of Cohen and Behera disclose: 

- " The method of claim 1 in which the first user role and the second user role are 
different" See col. 3, lines 38 - 45, Behera. 

♦ As per claim 15, 36, the combination of Cohen and Behera disclose: 

- " The method of claim 1 in which privileges associated with the local schema are 
assigned to the first and second users" See col. 4, lines 45 - 46, Behera. 

♦ As per claim 16, 37, the combination of Cohen and Behera disclose: 

- " The method of claim 1 in which an entry-level mapping object maps a specific user and 
in which a sub tree-level mapping object potentially maps multiple users based upon a 
partial match of user identifications, wherein the entry-level mapping object takes 
precedence over the sub tree-level mapping object" See Fig. 6, Behera. 

♦ As per claim 17, 38, the combination of Cohen and Behera disclose: 

- " The method of claim 1 in which an server mapping object and a domain mapping object 
both map a user, wherein the server mapping object takes precedence over the domain 
mapping object" Fig. 6, col.4, lines 63 - col. 5, lines 4, Behera. 
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♦ As per claim 18 - 19, 39 - 40, the combination of Cohen and Behera disclose: 

- " The method of claim 1 in which a record is maintained to track mappings to the local 
user schema that provides an audit trail corresponding to the first and second users. The 
method of claim 18 in which the record distinguished between mappings for the first and 
second users" See fig. 5, Cohen. 

♦ As per claim 20 - 21, 41 - 42, the combination of Cohen and Behera disclose: 

- " The method of claun 1 further comprising the act of creating a local mapping at the 
network node, in which the first user is mapped to the local schema only if the local 
mapping does not contain a mapping for the first user" See col. 5, lines 6 - 67, Cohen. 

- The method of claim 1 further comprising the act of creating a non-shared schema at the 
network node, the local user schema being a shared schema at the network node, in which 
the first user is mapped to the shared schema only if the first user is not mapped to the 
non-shared schema" See col. 5, lines 49 - 58, Cohen. 

Conclusion 

1 . The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

- Jenkins et al (U.S. 6,678,682) discloses a method for enterprise access management 
control. 

- Child et al (U.S. 6,556,995) discloses a method to provide global sign-on for ODBC 
based database appUcations. 

- Kao et al (U.S. 6,65 1,168) discloses an authentication fi-amework for multiple 
authentication processes and mechanisms. 
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- Kao et al (U.S. 6,275,944) discloses a method for single sign on using configuration 
directive with respect to target types. 

- Fang et al (U.S. 6,240,512) discloses a single sign-on mechanism having master key 
synchronization. 

- Fang et al (U.S. 6,243,816) discloses a single sign-on mechanism personal key manager. 
2. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CamLinh Nguyen whose telephone number is 703 - 305-1951. 
The examiner can normally be reached on Monday-Friday. 

From October 25, 2004, the Examiner can be reached at a new phone number: 571 - 
272-4024. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Safet Metjahic can be reached on 308-1436. The fax phone number for the 
organization where this appUcation or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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